Database Monitoring: Why Bother?

By | In Blog, Database Administration | October 22nd, 2013

database-monitoringDatabase monitoring seems among the lackluster routine tasks for database administrators. Why bother, when there are Big Data projects to be created and cloud computing to explore? Why should you monitor database activity?

Adrian Lane, a security analyst writing on Dark Reading, notes:

“This is why! Hackers stole $45 million from ATMs — a theft made possible by breaching several bank databases and make simple alterations that allowed thieves to siphon [off] cash.”

Because that attack was carried out in waves, “[T]he easiest point of detection should have been through the database;” he says, “one of the types of attacks that database activity monitoring systems were designed for.”

Database security is critical in preventing these sorts of events, but monitoring is a critical line of defense for enterprise networks.

Database monitoring helps by tracking users with specific privileges in the system as well as sounding the alarm when any odd changes to data are noticed, some of which may be the hallmarks of either an intrusion or internal theft.

Most data is stolen when the data is simply residing in the database, the 2013 Verizon Data Breach Report found:

“Not one breach in this sample happened to data that was ‘in transit’. In fact, two-thirds of breaches involved data ‘at rest’ (in databases and on file servers), and the rest was being processed when compromised.”

The Data Breach Investigations report, produced annually since 2008, analyzed approximately 47,000 different security incidents. Database administrators have any number of tools available to them. Database monitoring systems have been available for more than 10 years.

TechTarget explains:

“Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading of database audit logs and/or system tables and memory scraping. Regardless of the methodology chosen, the data must be correlated in order to detect and get a more accurate picture of what’s going on within the database. Vendor DAM tools can help simplify that correlation and provide the administrator with the ability to detect attacks as well as provide forensic evidence in the case of an actual data breach.”

Auditing tools simply allow a database administrator to see the data that has been changed. Database activity monitoring goes farther, allowing compliance controls, for example, to be enacted. A user can look across platforms to see how data is being accessed and to see who is accessing it. It can also be used for operations monitoring as well as for tasks such as assessing compliance with government regulations.

In other words, database activity monitoring is an essential task to which database administrators must devote their time and resources. What are your thoughts? Let us know, we’d love to hear from you.

Image by U.S. News/Money.

Contact Us
John Kaufling
Vice President and Practice Leader of Application Services
John Kaufling has more than 20 years of experience in the IT industry, including more than 12 years as an Oracle EBS database administrator at Level 3 Communications and at Oracle Corporation. His specialties include implementations, upgrades, performance tuning and extensive capability to support the product. John’s work with Oracle apps database administration has included experience with SOA suite, Veritas Cluster, Oracle DataGuard, Load Balancing from Resonate, Cisco and BigIP and extensive experience with Oracle self-service applications and self-service framework technology.

Leave a Reply

Your email address will not be published.
Required fields are marked (*).